Kubernetes cluster internally uses a set of certificates for secure communication. Every certificate has an expiry date and it need to be renewed periodically.
The Kubernetes will take care of the renewal operation. We can also trigger the renewal of the certificate.
Step 1: Check the certificate details
The first thing we need to check is the expiry details of the certificate. The command to check the expiry details of the certificate is given below.
kubeadm alpha certs check-expiration
You can check the response and verify the certificate expiry details.
Step 2: Back up the configurations and certificates
It is very important to back up the current configurations and certificates before performing any modifications.
mkdir -p $HOME/backup/k8-conf
mkdir -p ~/backup/k8-conf-cert
mkdir -p ~/backup/k8-certs
cp -r /etc/kubernetes/*.conf $HOME/backup/k8-conf/
cp -r /etc/kubernetes/pki/ $HOME/backup/k8-conf-cert/
cp -r /var/lib/kubelet/pki/* $HOME/backup/k8-certs
Step 3: Renew the certificates
Now we can renew the certificates by executing the following command.
kubeadm alpha certs renew all
This command will complete the execution quickly. A Sample output is given below.
Step 4: Verify the renewed certificates
The last step is to verify the renewed certificates. The command to verify the certificate is already explained in step 1.
kubeadm alpha certs check-expiration
This command will show the updated expiry dates after the renewal.
Also test some kubectl commands to ensure the communication is happening properly.
Some simple commands for testing kubectl are given below.
kubectl get nodes
kubectl get pods --all-namespaces
All About Tech 
For anyone else reading this, you need restart a few services to make everything work (eg apiserver,kube-controller,schedule). If using docker try
systemctl restart docker
Also, if you use kubectl you will need to update the certs it uses to match, e.g.
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config